Points: 30

Description:

Write-up

So they gave a 32-bit ELF stripped executable. Simply running the binary ./debug32 didn’t do nothing.

I looked through the assembly in IDA and saw “Printing Flag” being printed somewhere.

So the first and probably the last thing I needed to do was to jump to the function printing it. The address of the function as we can see is at 0x804849B.

For this I used gdb. My first instinct was to set a breakpoint at main, then set the eip to the address of the required function and continue. This would print out the flag.

But since this was a stripped binary(hence no symbols table), it didn’t recognise main as a valid breakpoint. So I set the breakpoint at __libc_start_main() function. This is the function which sets up the environment and then calls the main() function when the binary is run.